---
page_title: "cloudflare_teams_account Resource - Cloudflare"
subcategory: ""
description: |-
  Provides a Cloudflare Teams Account resource. The Teams Account
  resource defines configuration for secure web gateway.
---

# cloudflare_teams_account (Resource)

Provides a Cloudflare Teams Account resource. The Teams Account
resource defines configuration for secure web gateway.

## Example Usage

```terraform
resource "cloudflare_teams_account" "example" {
  account_id                 = "f037e56e89293a057740de681ac9abbe"
  tls_decrypt_enabled        = true
  protocol_detection_enabled = true

  block_page {
    footer_text      = "hello"
    header_text      = "hello"
    logo_path        = "https://example.com/logo.jpg"
    background_color = "#000000"
  }

  body_scanning {
    inspection_mode = "deep"
  }

  antivirus {
    enabled_download_phase = true
    enabled_upload_phase   = false
    fail_closed            = true
    notification_settings {
      enabled     = true
      message     = "you are blocked"
      support_url = "https://example.com/blocked"
    }
  }

  fips {
    tls = true
  }

  proxy {
    tcp     = true
    udp     = true
    root_ca = true
  }

  url_browser_isolation_enabled = true

  logging {
    redact_pii = true
    settings_by_rule_type {
      dns {
        log_all    = false
        log_blocks = true
      }
      http {
        log_all    = true
        log_blocks = true
      }
      l4 {
        log_all    = false
        log_blocks = true
      }
    }
  }

  extended_email_matching {
    enabled = true
  }
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `account_id` (String) The account identifier to target for the resource.

### Optional

- `activity_log_enabled` (Boolean) Whether to enable the activity log.
- `antivirus` (Block List, Max: 1) Configuration block for antivirus traffic scanning. (see [below for nested schema](#nestedblock--antivirus))
- `block_page` (Block List, Max: 1) Configuration for a custom block page. (see [below for nested schema](#nestedblock--block_page))
- `body_scanning` (Block List, Max: 1) Configuration for body scanning. (see [below for nested schema](#nestedblock--body_scanning))
- `extended_email_matching` (Block List, Max: 1) Configuration for extended e-mail matching. (see [below for nested schema](#nestedblock--extended_email_matching))
- `fips` (Block List, Max: 1) Configure compliance with Federal Information Processing Standards. (see [below for nested schema](#nestedblock--fips))
- `logging` (Block List, Max: 1) (see [below for nested schema](#nestedblock--logging))
- `non_identity_browser_isolation_enabled` (Boolean) Enable non-identity onramp for Browser Isolation. Defaults to `false`.
- `payload_log` (Block List, Max: 1) Configuration for DLP Payload Logging. (see [below for nested schema](#nestedblock--payload_log))
- `protocol_detection_enabled` (Boolean) Indicator that protocol detection is enabled.
- `proxy` (Block List, Max: 1) Configuration block for specifying which protocols are proxied. (see [below for nested schema](#nestedblock--proxy))
- `ssh_session_log` (Block List, Max: 1) Configuration for SSH Session Logging. (see [below for nested schema](#nestedblock--ssh_session_log))
- `tls_decrypt_enabled` (Boolean) Indicator that decryption of TLS traffic is enabled.
- `url_browser_isolation_enabled` (Boolean) Safely browse websites in Browser Isolation through a URL. Defaults to `false`.

### Read-Only

- `id` (String) The ID of this resource.

<a id="nestedblock--antivirus"></a>
### Nested Schema for `antivirus`

Required:

- `enabled_download_phase` (Boolean) Scan on file download.
- `enabled_upload_phase` (Boolean) Scan on file upload.
- `fail_closed` (Boolean) Block requests for files that cannot be scanned.

Optional:

- `notification_settings` (Block List, Max: 1) Set notifications for antivirus. (see [below for nested schema](#nestedblock--antivirus--notification_settings))

<a id="nestedblock--antivirus--notification_settings"></a>
### Nested Schema for `antivirus.notification_settings`

Optional:

- `enabled` (Boolean) Enable notification settings.
- `message` (String) Notification content.
- `support_url` (String) Support URL to show in the notification.



<a id="nestedblock--block_page"></a>
### Nested Schema for `block_page`

Optional:

- `background_color` (String) Hex code of block page background color.
- `enabled` (Boolean) Indicator of enablement.
- `footer_text` (String) Block page footer text.
- `header_text` (String) Block page header text.
- `logo_path` (String) URL of block page logo.
- `mailto_address` (String) Admin email for users to contact.
- `mailto_subject` (String) Subject line for emails created from block page.
- `name` (String) Name of block page configuration.


<a id="nestedblock--body_scanning"></a>
### Nested Schema for `body_scanning`

Required:

- `inspection_mode` (String) Body scanning inspection mode. Available values: `deep`, `shallow`.


<a id="nestedblock--extended_email_matching"></a>
### Nested Schema for `extended_email_matching`

Required:

- `enabled` (Boolean) Whether e-mails should be matched on all variants of user emails (with + or . modifiers) in Firewall policies.


<a id="nestedblock--fips"></a>
### Nested Schema for `fips`

Optional:

- `tls` (Boolean) Only allow FIPS-compliant TLS configuration.


<a id="nestedblock--logging"></a>
### Nested Schema for `logging`

Required:

- `redact_pii` (Boolean) Redact personally identifiable information from activity logging (PII fields are: source IP, user email, user ID, device ID, URL, referrer, user agent).
- `settings_by_rule_type` (Block List, Min: 1, Max: 1) Represents whether all requests are logged or only the blocked requests are slogged in DNS, HTTP and L4 filters. (see [below for nested schema](#nestedblock--logging--settings_by_rule_type))

<a id="nestedblock--logging--settings_by_rule_type"></a>
### Nested Schema for `logging.settings_by_rule_type`

Required:

- `dns` (Block List, Min: 1, Max: 1) Logging configuration for DNS requests. (see [below for nested schema](#nestedblock--logging--settings_by_rule_type--dns))
- `http` (Block List, Min: 1, Max: 1) Logging configuration for HTTP requests. (see [below for nested schema](#nestedblock--logging--settings_by_rule_type--http))
- `l4` (Block List, Min: 1, Max: 1) Logging configuration for layer 4 requests. (see [below for nested schema](#nestedblock--logging--settings_by_rule_type--l4))

<a id="nestedblock--logging--settings_by_rule_type--dns"></a>
### Nested Schema for `logging.settings_by_rule_type.dns`

Required:

- `log_all` (Boolean) Whether to log all activity.
- `log_blocks` (Boolean)


<a id="nestedblock--logging--settings_by_rule_type--http"></a>
### Nested Schema for `logging.settings_by_rule_type.http`

Required:

- `log_all` (Boolean) Whether to log all activity.
- `log_blocks` (Boolean)


<a id="nestedblock--logging--settings_by_rule_type--l4"></a>
### Nested Schema for `logging.settings_by_rule_type.l4`

Required:

- `log_all` (Boolean) Whether to log all activity.
- `log_blocks` (Boolean)




<a id="nestedblock--payload_log"></a>
### Nested Schema for `payload_log`

Required:

- `public_key` (String) Public key used to encrypt matched payloads.


<a id="nestedblock--proxy"></a>
### Nested Schema for `proxy`

Required:

- `root_ca` (Boolean) Whether root ca is enabled account wide for ZT clients.
- `tcp` (Boolean) Whether gateway proxy is enabled on gateway devices for TCP traffic.
- `udp` (Boolean) Whether gateway proxy is enabled on gateway devices for UDP traffic.


<a id="nestedblock--ssh_session_log"></a>
### Nested Schema for `ssh_session_log`

Required:

- `public_key` (String) Public key used to encrypt ssh session.

## Import

Import is supported using the following syntax:

```shell
$ terraform import cloudflare_teams_account.example <account_id>
```
